| 223431 | 7.8 | HIGH Local | openbsd | openbsd | OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing ch… | CWE-269 Improper Privilege Management | CVE-2019-19726 | 2024-11-21 13:35 | 2019-12-12 |
| 223432 | 7.5 | HIGH Network | bson-objectid_project | bson-objectid | An issue was discovered in the BSON ObjectID (aka bson-objectid) package 1.3.0 for Node.js. ObjectID() allows an attacker to generate a malformed objectid by inserting an additional property to the u… | CWE-670 Always-Incorrect Control Flow Implementation | CVE-2019-19729 | 2024-11-21 13:35 | 2019-12-12 |
| 223433 | 9.8 | CRITICAL Network | sysstat_project debian canonical | sysstat debian_linux ubuntu_linux | sysstat through 12.2.0 has a double free in check_file_actlst in sa_common.c. | CWE-415 Double Free | CVE-2019-19725 | 2024-11-21 13:35 | 2019-12-12 |
| 223434 | 8.8 | HIGH Network | zohocorp | manageengine_applications_manager | Zoho ManageEngine Applications Manager before 13640 allows a remote authenticated SQL injection via the Agent servlet agentid parameter to the Agent.java process function. | CWE-89 SQL Injection | CVE-2019-19650 | 2024-11-21 13:35 | 2019-12-12 |
| 223435 | 9.8 | CRITICAL Network | zohocorp | manageengine_applications_manager | Zoho ManageEngine Applications Manager before 13620 allows a remote unauthenticated SQL injection via the SyncEventServlet eventid parameter to the SyncEventServlet.java doGet function. | CWE-89 SQL Injection | CVE-2019-19649 | 2024-11-21 13:35 | 2019-12-12 |
| 223436 | 8.8 | HIGH Network | yabasic | yabasic | Yabasic 2.86.1 has a heap-based buffer overflow in the yylex() function in flex.c via a crafted BASIC source file. | CWE-787 Out-of-bounds Write | CVE-2019-19720 | 2024-11-21 13:35 | 2019-12-11 |
| 223437 | 6.1 | MEDIUM Network | tableau | tableau_server | Tableau Server 10.3 through 2019.4 on Windows and Linux allows XSS via the embeddedAuthRedirect page. | CWE-79 Cross-site Scripting | CVE-2019-19719 | 2024-11-21 13:35 | 2019-12-11 |
| 223438 | 6.1 | MEDIUM Network | mediawiki debian | mediawiki debian_linux | MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and u… | CWE-601 Open Redirect | CVE-2019-19709 | 2024-11-21 13:35 | 2019-12-11 |
| 223439 | 6.1 | MEDIUM Network | mediawiki | visual_editor | The VisualEditor extension through 1.34 for MediaWiki allows XSS via pasted content containing an element with a data-ve-clipboard-key attribute. | CWE-79 Cross-site Scripting | CVE-2019-19708 | 2024-11-21 13:35 | 2019-12-11 |
| 223440 | 7.5 | HIGH Network | moxa | eds-g508e_firmware eds-g512e_firmware eds-g516e_firmware | On Moxa EDS-G508E, EDS-G512E, and EDS-G516E devices (with firmware through 6.0), denial of service can occur via PROFINET DCE-RPC endpoint discovery packets. | NVD-CWE-noinfo | CVE-2019-19707 | 2024-11-21 13:35 | 2019-12-11 |